How to Navigate New & Updated Guidelines, Healthcare Marketing Restrictions and HIPAA Compliance
When implementing your healthcare marketing strategy to
publish health content or ads of any type, it's paramount to understand the
applicable regulations, or work with a firm that is knowledgeable in this area.
This is particularly important regarding use of tracking technologies such as
cookies, pixels or tracking codes.
Each social media platform has unique, specific restrictions
regarding appropriate imagery, verbiage, and demographics when advertising
healthcare services and products. Your ads will not be approved, or you could
get banned from sending ads, if any platform finds your ads to be in violation
of their healthcare advertising and marketing policies. These policies evolve
continually, requiring ongoing monitoring of these restrictions for each platform
or medium where you are running ads.
In addition to the ad restrictions from the media platforms,
new government regulations were recently released that could forever change
the future of digital healthcare marketing. These new HIPAA regulations may
potentially make the use of tracking technologies cost-prohibitive for many
entities, due to the risk of lawsuits, and the amount of legal obligations now
required to utilize tracking technologies for healthcare marketing purposes.
This new guidance was released and outlined by the Office of
Civil Rights (OCR), part of the US Department of Health and Human Services
(HHS), regarding digital marketing and HIPAA compliance. The new regulations
state that HIPAA rules apply "when the information that regulated entities
collect through tracking technologies or disclose to tracking technology
vendors includes protected health information (PHI)." Furthermore, according to
HHS, "Regulated entities are not permitted to use tracking technologies in a
manner that would result in impermissible disclosures of PHI… or any other
violations of HIPAA Rules."
A detailed overview of the new regulations is provided on
the HHS website. The excerpt below explains how tracking technologies fall under
the HIPAA rules (emphasis ours):
How do the HIPAA Rules apply to regulated entities' use of tracking technologies?
Regulated entities disclose a variety of information to
tracking technology vendors through tracking technologies placed on a
regulated entity's website or mobile app, including individually identifiable
health information (IIHI) that the individual provides when they use
regulated entities' websites or mobile apps.
This information might include an individual's medical
record number, home or email address, or dates of appointments, as well as an
individual's IP address or geographic location, medical device IDs, or any
unique identifying code.
All such IIHI collected on a regulated entity's website
or mobile app generally is PHI, even if the individual does not have an
existing relationship with the regulated entity and even if the IIHI, such as
IP address or geographic location, does not include specific treatment or
billing information like dates and types of health care services.
This is because, when a regulated entity collects the individual's
IIHI through its website or mobile app, the information connects the
individual to the regulated entity (i.e., it is indicative that the
individual has received or will receive health care services or benefits from
the covered entity), and thus relates to the individual's past, present, or
future health or health care or payment for care.
These HIPAA regulations apply to tracking technologies
used on:
· All authenticated webpages (requiring a user login)
· Any unauthenticated webpages (no user login required)
· Mobile apps
Is it even feasible to incorporate any tracking technologies in digital healthcare marketing anymore?
Yes, but…
According to the bulletin, if HIPAA-covered entities and
business associates do use tracking technology, they are obligated by the HHS
and OCR to do the following:
· Make sure that all disclosures of PHI are
permitted by the Privacy Rule and, unless an exception applies, only the
minimum necessary PHI to achieve the intended purpose is disclosed.
· Ensure that they have applicable permission
prior to any disclosure of PHI and that the tracking vendor has signed a
HIPAA BAA (business associate agreement) or that the patient signs a HIPAA-compliant
authorization prior to the disclosure.
· Even if the vendor does not save the PHI or
removes PHI before saving data, the disclosure still requires a signed BAA and
permissible purpose.
· Analyze the tracking technologies in the
entity's HIPAA Risk Analysis and Risk Management processes and ensure that
transmitted PHI is properly secured.
· Provide notification of any security/PHI
breach to affected individuals, the Secretary, and the media (when
applicable).
Proceed with caution… Our team of experts can help.
The above is simply an overview of some of the key components
and complexities of the new OCR/HHS regulations governing the use of tracking
technologies in healthcare marketing. Be sure to review the entire HHS bulletin.
If, after reviewing the new guidelines from the HHS, there
are any remaining questions or lingering uncertainty about the above
requirements for utilizing tracking technologies, you may want to consult with industry
experts who are knowledgeable in the legal and regulatory aspects of digital
healthcare marketing before proceeding with implementing the use of any
tracking technologies in your digital healthcare marketing.
Our team of
experienced and knowledgeable consultants at CMG Healthcare Marketing can help
you avoid any potential missteps by offering expertise and guidance to navigate
the rules and regulations from the OCR/HHS, as well as restrictions enforced by
various social media platforms.
We can work
with you to devise a strategic multichannel marketing strategy to grow your
reach, acquire more patients, and grow your revenue. To tap into the vast
resources of CMG Healthcare Marketing, contact us to discuss your questions and
challenges and we'll provide answers and solutions to meet your specific
healthcare marketing needs with optimal ROI to achieve your revenue goals.